Robert,
* Robert Haas (robertmhaas@gmail.com) wrote:
> On Wed, Jan 25, 2017 at 2:13 PM, Stephen Frost <sfrost@snowman.net> wrote:
> > I went over *every* superuser check in the system when I did that work,
> > wrote up a long email about why I made the decisions that I did, posted
> > it here, had follow-on discussions, all of which lead to the patch which
> > ended up going in.
>
> Link to that email? I went back and looked at that thread and didn't
> see anything that looked like a general policy statement to me. But I
> may have missed it.
Not sure which thread you were looking at, but this one:
https://www.postgresql.org/message-id/20141015052259.GG28859%40tamriel.snowman.net
Has a review of all superuser checks in the backend, as noted in the
first paragraph ("shown below in a review of the existing superuser
checks in the backend").
Later on in that thread, at least in:
https://www.postgresql.org/message-id/20160106161302.GP3685%40tamriel.snowman.net
In an email to you and Noah:
----------------
The general approach which I've been using for the default roles is that
they should grant rights which aren't able to be used to trivially make
oneself a superuser.
----------------
My recollection is saying that about 10 times during that period of
time, though perhaps I am exaggurating due to it being a rather painful
process to get through.
> I assume we're
> both coming at these issues with the intention of making PostgreSQL
> better;
Always.
> the fact that we don't always agree on everything is probably
> inevitable.
Agreed.
Thanks!
Stephen